[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DNS and WINS Server Spoofing Vulnerability - MS09-008

ID: oval:org.secpod.oval:def:2620Date: (C)2011-10-27   (M)2022-10-10
Class: PATCHFamily: windows




The host is missing impotant security update according to Microsoft security bulletin, MS09-008. The update is required to fix DNS and WINS server spoofing vulnerability. DNS Resolver Cache Service (aka DNSCache) when dynamic updates are enabled, does not reuse cached DNS responses and WINS server does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features. Successful exploitation could result in poisoning the caches and spoofing proxy server.

Platform:
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Reference:
MS09-008
CVE-2009-0093
CVE-2009-0094
CVE-2009-0233
CVE-2009-0234
CVE    4
CVE-2009-0234
CVE-2009-0233
CVE-2009-0094
CVE-2009-0093
...
CPE    8
cpe:/o:microsoft:windows_server_2008:::x64
cpe:/o:microsoft:windows_server_2008:::x86
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server::sp1:itanium
...
XCCDF    4
xccdf_com.secpod_benchmark_microsoft-windows-2000
xccdf_com.secpod_benchmark_microsoft-windows-server-2008
xccdf_com.secpod_benchmark_microsoft-windows-server-2003
xccdf_scaprepo.com_benchmark_microsoft-windows-server-2003
...

© SecPod Technologies